Cybersecurity
Cybersecurity For Dummies
Explore the latest developments in cybersecurity with this essential guide Every day it seems we read another story about one company or another being targeted by cybercriminals. It makes some of us wonder: am I safe online? The good news is that we can all be cybersecure--and it doesn't take a...
| Otros Autores: | |
|---|---|
| Formato: | Libro electrónico |
| Idioma: | Inglés |
| Publicado: |
Hoboken, NJ :
John Wiley & Sons, Inc
[2022]
|
| Edición: | Second edition |
| Colección: | --For dummies.
|
| Materias: | |
| Ver en Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009659942906719 |
Tabla de Contenidos:
- Intro
- Title Page
- Copyright Page
- Table of Contents
- Introduction
- About This Book
- Foolish Assumptions
- Icons Used in This Book
- Beyond the Book
- Where to Go from Here
- Part 1 Getting Started with Cybersecurity
- Chapter 1 What Exactly Is Cybersecurity?
- Cybersecurity Means Different Things to Different Folks
- Cybersecurity Is a Constantly Moving Target
- Technological changes
- Digital data
- The Internet
- Cryptocurrency
- Mobile workforces and ubiquitous access
- Smart devices
- Big data
- The COVID-19 pandemic
- Social shifts
- Economic model shifts
- Political shifts
- Data collection
- Election interference
- Hacktivism
- Greater freedom
- Sanctions
- New balances of power
- Looking at the Risks Cybersecurity Mitigates
- The goal of cybersecurity: The CIA Triad
- From a human perspective
- Chapter 2 Getting to Know Common Cyberattacks
- Attacks That Inflict Damage
- Denial-of-service (DoS) attacks
- Distributed denial-of-service (DDoS) attacks
- Botnets and zombies
- Data destruction attacks
- Is That Really You? Impersonation
- Phishing
- Spear phishing
- CEO fraud
- Smishing
- Vishing
- Pharming
- Whaling: Going for the "big fish"
- Messing around with Other People's Stuff: Tampering
- Captured in Transit: Interception
- Man-in-the-middle attacks
- Taking What Isn't Theirs: Data Theft
- Personal data theft
- Business data theft
- Data exfiltration
- Compromised credentials
- Forced policy violations
- Cyberbombs That Sneak into Your Devices: Malware
- Viruses
- Worms
- Trojans
- Ransomware
- Scareware
- Spyware
- Cryptocurrency miners
- Adware
- Blended malware
- Zero-day malware
- Fake malware on computers
- Fake malware on mobile devices
- Fake security subscription renewal notifications
- Poisoned Web Service Attacks
- Network Infrastructure Poisoning.
- Malvertising
- Drive-by downloads
- Stealing passwords
- Exploiting Maintenance Difficulties
- Advanced Attacks
- Opportunistic attacks
- Targeted attacks
- Blended (opportunistic and targeted) attacks
- Some Technical Attack Techniques
- Rootkits
- Brute-force attacks
- Injection attacks
- Cross-site scripting
- SQL injection
- Session hijacking
- Malformed URL attacks
- Buffer overflow attacks
- Chapter 3 The Bad Guys You Must Defend Against
- Bad Guys and Good Guys Are Relative Terms
- Bad Guys Up to No Good
- Script kiddies
- Kids who are not kiddies
- Terrorists and other rogue groups
- Nations and states
- Corporate spies
- Criminals
- Hacktivists
- Terrorists
- Rogue insiders
- Cyberattackers and Their Colored Hats
- How Cybercriminals Monetize Their Actions
- Direct financial fraud
- Indirect financial fraud
- Profiting off illegal trading of securities
- Stealing credit card, debit card, and other payment-related information
- Stealing goods
- Stealing data
- Ransomware
- Cryptominers
- Not All Dangers Come From Attackers: Dealing with Nonmalicious Threats
- Human error
- Humans: The Achilles' heel of cybersecurity
- Social engineering
- External disasters
- Natural disasters
- Pandemics
- Man-made environmental problems
- Cyberwarriors and cyberspies
- The impotent Fair Credit Reporting Act
- Expunged records are no longer really expunged
- Social Security numbers
- Social media platforms
- Google's all-knowing computers
- Mobile device location tracking
- Defending against These Attackers
- Part 2 Improving Your Own Personal Security
- Chapter 4 Evaluating Your Current Cybersecurity Posture
- Don't be Achilles: Identifying Ways You May Be Less than Secure
- Your home computer(s)
- Your mobile devices
- Your Internet of Things (IoT) devices
- Your networking equipment.
- Your work environment
- Identifying Risks
- Protecting against Risks
- Perimeter defense
- Firewall/router
- Security software
- Your physical computer(s) and any other endpoints
- Backups
- Detecting
- Responding
- Recovering
- Improving
- Evaluating Your Current Security Measures
- Software
- Hardware
- Insurance
- Education
- Privacy 101
- Think before you share
- Think before you post
- General privacy tips
- Banking Online Safely
- Safely Using Smart Devices
- Cryptocurrency Security 101
- Chapter 5 Enhancing Physical Security
- Understanding Why Physical Security Matters
- Taking Inventory
- Stationary devices
- Mobile devices
- Locating Your Vulnerable Data
- Creating and Executing a Physical Security Plan
- Implementing Physical Security
- Security for Mobile Devices
- Realizing That Insiders Pose the Greatest Risks
- Chapter 6 Cybersecurity Considerations When Working from Home
- Network Security Concerns
- Device Security Concerns
- Location Cybersecurity
- Shoulder surfing
- Eavesdropping
- Theft
- Human errors
- Video Conferencing Cybersecurity
- Keep private stuff out of camera view
- Keep video conferences secure from unauthorized visitors
- Social Engineering Issues
- Regulatory Issues
- Part 3 Protecting Yourself from Yourself
- Chapter 7 Securing Your Accounts
- Realizing You're a Target
- Securing Your External Accounts
- Securing Data Associated with User Accounts
- Conduct business with reputable parties
- Use official apps and websites
- Don't install software from untrusted parties
- Don't root your phone
- Don't provide unnecessary sensitive information
- Use payment services that eliminate the need to share credit card numbers
- Use one-time, virtual credit card numbers when appropriate
- Monitor your accounts
- Report suspicious activity ASAP.
- Employ a proper password strategy
- Utilize multifactor authentication
- Log out when you're finished
- Use your own computer or phone
- Lock your computer
- Use a separate, dedicated computer for sensitive tasks
- Use a separate, dedicated browser for sensitive web-based tasks
- Secure your access devices
- Keep your devices up to date
- Don't perform sensitive tasks over public Wi-Fi
- Never use public Wi-Fi in high-risk places
- Access your accounts only in safe locations
- Use appropriate devices
- Set appropriate limits
- Use alerts
- Periodically check access device lists
- Check last login info
- Respond appropriately to any fraud alerts
- Never send sensitive information over an unencrypted connection
- Beware of social engineering attacks
- Establish voice login passwords
- Protect your cellphone number
- Don't click on links in emails or text messages
- Securing Data with Parties You've Interacted With
- Securing Data at Parties You Haven't Interacted With
- Securing Data by Not Connecting Hardware with Unknown Pedigrees
- Chapter 8 Passwords
- Passwords: The Primary Form of Authentication
- Avoiding Simplistic Passwords
- Password Considerations
- Easily guessable personal passwords
- Complicated passwords aren't always better
- Different levels of sensitivity
- Your most sensitive passwords may not be the ones you think
- You can reuse passwords - sometimes
- Consider using a password manager
- Creating Memorable, Strong Passwords
- Knowing When to Change Passwords
- Changing Passwords after a Breach
- Providing Passwords to Humans
- Storing Passwords
- Storing passwords for your heirs
- Storing general passwords
- Transmitting Passwords
- Discovering Alternatives to Passwords
- Biometric authentication
- SMS-based authentication
- App-based one-time passwords
- Hardware token authentication.
- USB-based authentication
- Chapter 9 Preventing Social Engineering Attacks
- Don't Trust Technology More than You Would People
- Types of Social Engineering Attacks
- Six Principles Social Engineers Exploit
- Don't Overshare on Social Media
- Your schedule and travel plans
- Financial information
- Personal information
- Information about your children
- Information about your pets
- Work information
- Possible cybersecurity issues
- Crimes and minor infractions
- Medical or legal advice
- Your location
- Your birthday
- Your "sins"
- Leaking Data by Sharing Information as Part of Viral Trends
- Identifying Fake Social Media Connections
- Photo
- Verification
- Friends or connections in common
- Relevant posts
- Number of connections
- Industry and location
- Similar people
- Duplicate contact
- Contact details
- Premium status
- LinkedIn endorsements
- Group activity
- Appropriate levels of relative usage
- Human activities
- Cliché names
- Poor contact information
- Skill sets
- Spelling
- Age of an account
- Suspicious career or life path
- Level or celebrity status
- Using Bogus Information
- Using Security Software
- General Cyberhygiene Can Help Prevent Social Engineering
- Part 4 Cybersecurity for Businesses, Organizations, and Government
- Chapter 10 Securing Your Small Business
- Making Sure Someone Is In Charge
- Watching Out for Employees
- Incentivize employees
- Avoid giving out the keys to the castle
- Give everyone separate credentials
- Restrict administrators
- Limit access to corporate accounts
- Implement employee policies
- Enforce social media policies
- Monitor employees
- Dealing with a Remote Workforce
- Use work devices and separate work networks
- Set up virtual private networks
- Create standardized communication protocols
- Use a known network.
- Determine how backups are handled.
